Vulnerabilities (CVE)

Vendor filter

Gnu Subscribe

Product filter

Glibc Subscribe

Filter

112 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-6551 1 Gnu 1 Glibc 2018-02-22 7.5
The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a...
CVE-2017-1000409 1 Gnu 1 Glibc 2018-02-15 6.9
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
CVE-2017-1000408 1 Gnu 1 Glibc 2018-02-15 7.2
A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
CVE-2015-8777 1 Gnu 1 Glibc 2018-01-05 2.1
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.
CVE-2017-17426 1 Gnu 1 Glibc 2017-12-15 6.8
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This...
CVE-2011-5320 1 Gnu 1 Glibc 2017-11-08 2.1
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.
CVE-2017-15671 1 Gnu 1 Glibc 2017-10-25 4.3
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service...
CVE-2004-1453 1 Gnu 1 Glibc 2017-10-11 2.1
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by...
CVE-2004-0968 2 Gnu, Redhat 3 Glibc, Enterprise Linux, Enterprise Linux Desktop 2017-10-11 2.1
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
CVE-2003-0859 5 Quagga, Sgi, Intel and 2 more 7 Propack, Zebra, Linux Advanced Workstation and 4 more 2017-10-11 4.9
The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
CVE-2002-1265 3 Apple, Gnu, Sgi 4 Mac Os X, Glibc, Irix and 1 more 2017-10-10 5.0
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
CVE-2000-0959 1 Gnu 1 Glibc 2017-10-10 1.2
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
CVE-2000-0824 1 Gnu 1 Glibc 2017-10-10 7.2
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own...
CVE-2013-0242 1 Gnu 1 Glibc 2017-08-29 5.0
Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted...
CVE-2010-0830 1 Gnu 1 Glibc 2017-08-17 5.1
Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute...
CVE-2009-4881 1 Gnu 1 Glibc 2017-08-17 5.0
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a...
CVE-2009-4880 1 Gnu 1 Glibc 2017-08-17 5.0
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format...
CVE-2015-5277 3 Canonical, Gnu, Redhat 6 Ubuntu Linux, Glibc, Enterprise Linux Desktop and 3 more 2017-07-01 7.2
The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the...
CVE-2013-4788 1 Gnu 2 Glibc, Eglibc 2017-07-01 5.1
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to...
CVE-2013-4458 2 Suse, Gnu 3 Glibc, Linux Enterprise Server, Linux Enterprise Debuginfo 2017-07-01 5.0
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that...